Authorisation

This is a real life story. We were building an enterprise with micro-payments involved and stuff. We needed a terminal/kiosk network, and this task was bound to be outsourced. So my boss had found a company XYZ that offers ready-made solutions, and he asked me to investigate their offer. I returned to him with my verdict:
— we can't use this XYZ service, because they require our users to submit their passwords to XYZ and then XYZ logs into our system on user's behalf. This is plain out wrong, and should not be implemented ever.
He argued on the basis «a well established company can not possibly sell us junk» — so stunningly true! yeah! So he decided to carry out his own investigation.

A few days later he informed me of his decision:
— I have presented the XYZ's offer to a computer security specialist N. He advised us against using the XYZ's services because they do not employ cryptography.

So the story has ended quite happily. Thanks to the magic of the «cryptography».